Confirming rumors that began trickling out earlier this week, Facebook today said that it would make its privacy controls easier to use. But the company stopped short of adding any specifics, and didn’t lay out a timetable for the changes. Oh, and Facebook has also been caught handing over some private data to big advertisers. And did we mention the hack that could delete all your friends?

First the big yawn, er, announcement. According to PC Mag, a Facebook spokesman said:

The messages we’ve received are pretty clear. Users appreciate having precise and comprehensive controls, but want them to be simpler and easier to use. They also like the new programs we have rolled out, but want simple and easy ways to opt out of sharing personal information with applications and Web sites through Facebook Platform. We’re listening to this input and incorporating it into innovations we hope to announce shortly.

Our exclusive Megglefish® translation: “We figured if we made it really hard to control your privacy, people just wouldn’t bother. Busted! So, we’ll make it easier, like, when we get around to it. But we’ll still give away most of your info, so we win!”

Megglefish® also suggests: “Some of you have said you like what we are doing, so we’re selectively listening to that input, and now we will say the word ‘innovations’.”

Facebook’s other big news: The Wall Street Journal found a loophole in the referrer data provided by Facebook to big ad agencies that would let them match your profile with your ad-viewing history; similar problems were found on other sites, including Digg and Myspace. Agencies contacted by the Journal said they didn’t even know they were getting the data, and Facebook and Myspace have already closed some of the holes. According to the Journal: “The sites may have been breaching their own privacy policies as well as industry standards, which say sites shouldn’t share and advertisers shouldn’t collect personally identifiable information without users’ permission.”

Now, for that hack. PC World reports:

[College student Steven Abbagnaro has] written proof-of-concept code that scrapes publicly available data from users’ Facebook pages and then, one by one, deletes all of their friends. For the attack to work, however, the victim would first have to be tricked into clicking on a malicious link while logged into Facebook. “The next thing you know, you have no friends,” Abbagnaro said.

Abbagnaro says he’s not releasing the code, but that “technically competent hackers could figure out how to pull off the attack.”

Did we mention that Facebook is planning to make its privacy controls simpler in some vague, undefined way, at some point in the future. Oh, right. Nevermind.